Course outline

Day One:

1. Injection

Injection attacks are among the most common attack vectors. They include SQL Injection, Cross-Site Scripting (XSS) or trusted third-party sites. In this section, you will learn what these attacks are and how you can defend your applications against them.

2. Authentication

Learn how you can properly authenticate users, how to handle cookies, how to store passwords and sessions.

3. Cross Site Request Forgery

In this section, we will go through what CSRF is and how attackers might try to exploit it. You will learn how to defend your applications against it.

4. Insecure Dependencies

npm has hundreds of thousands of modules. Sometimes, with an ecosystem this big, security vulnerabilities will be introduced to certain modules. You will learn how you can monitor your dependencies.

Day Two:

5. Default Configurations

Default configurations are sometimes not security-minded. They focus on ease of use, and therefore often leave doors open for attackers. We will take a look at how you can secure your deployments with better configurations.

6. Logging

It is crucial to have a detailed audit log of what happens in your systems. With its help, you can investigate issues. However, logging has its own dangers as well, so you need to learn how to be security-minded when developing Node applications.

7. The Human Factor

95% of security problems are the result of some human error, like sending passwords in emails or sharing a single user account among multiple people. In this part, we will go through some actionable items to make your company more secure.